Memory.memcopy(Address, Address, Extent) can corrupt memory when memory areas overlap

Description

The specification of System.arraycopy(..) says that copies from the same array to the same array can never overwrite data that is needed for the copy. Rather, the method acts as if the data to be copied was first copied to a temporary array and then copied from that temporary array to the destination.

There is currently a bug that can break this behaviour when doing large copies. The System.arraycopy(..) methods can call the aligned*Copy(..) methods in org.jikesrvm.runtime.Memory. These methods have the assumption that src != dst || (srcPos >= dstPos). The problem is that the methods call out to memcopy(Address, Address, Extent) (also in org.jikesrvm.runtime.Memory) when NATIVE_THRESHOLD is exceeded. memcopy(Address, Address, Extent) uses SysCall.sysCall.sysCopy(..) which uses memcpy(..) which assumes that the memory areas do not overlap. This is a stronger assumption than what the aligned*Copy(..) methods provide.

In general, this can lead to errors. In practice, this seems to happen very rarely. I did not succeed in extracting a test case for the error.
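To make the mismatch concrete, the following is an added C example (not JikesRVM code and not part of the original report). It models the memcpy(..) contract as a forward-only byte loop, puts beside it an overlap-aware copy that behaves as if the data went through a temporary buffer (the System.arraycopy(..) guarantee), and checks both against a reference copy on a constructed 16-byte array. The helper names, the 16-byte array and the positions used are assumptions chosen for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define ARR_LEN 16  /* constructed array size for this example */

typedef void (*copy_fn)(uint8_t *dst, const uint8_t *src, size_t n);

/* Model of a copy that, like memcpy(..), assumes the areas do not overlap
   and therefore always walks forward. Hypothetical helper for this example. */
static void forward_only_copy(uint8_t *dst, const uint8_t *src, size_t n) {
    for (size_t i = 0; i < n; i++) {
        dst[i] = src[i];
    }
}

/* Overlap-aware copy with memmove(..) semantics: the result is the same as
   copying through a temporary buffer, which is what System.arraycopy(..)
   promises for same-array copies. */
static void overlap_safe_copy(uint8_t *dst, const uint8_t *src, size_t n) {
    if (dst == src || n == 0) {
        return;
    }
    if (dst < src || dst >= src + n) {
        /* Destination is behind the source or does not overlap it:
           a forward walk never overwrites an unread source byte. */
        for (size_t i = 0; i < n; i++) {
            dst[i] = src[i];
        }
    } else {
        /* Destination is ahead of the source and overlaps it:
           walk backwards so each source byte is read before it is overwritten. */
        for (size_t i = n; i > 0; i--) {
            dst[i - 1] = src[i - 1];
        }
    }
}

/* Reference semantics from the System.arraycopy(..) specification:
   copy to a temporary array first, then from the temporary array to dst. */
static void reference_arraycopy(uint8_t *arr, size_t srcPos, size_t dstPos, size_t n) {
    uint8_t tmp[ARR_LEN];
    memcpy(tmp, arr + srcPos, n);
    memcpy(arr + dstPos, tmp, n);
}

/* Performs a same-array copy of n bytes from srcPos to dstPos with the given
   routine and compares the outcome with the reference.
   Returns 1 if the results match, 0 if the routine corrupted the data. */
static int check_arraycopy(copy_fn fn, size_t srcPos, size_t dstPos, size_t n) {
    uint8_t expected[ARR_LEN];
    uint8_t actual[ARR_LEN];
    for (size_t i = 0; i < ARR_LEN; i++) {
        expected[i] = actual[i] = (uint8_t)i;  /* constructed input: 0, 1, ..., 15 */
    }
    reference_arraycopy(expected, srcPos, dstPos, n);
    fn(actual + dstPos, actual + srcPos, n);
    return memcmp(expected, actual, ARR_LEN) == 0;
}

int main(void) {
    /* srcPos >= dstPos: the assumption the aligned*Copy(..) methods rely on.
       A forward-only copy is fine here. */
    printf("forward-only, srcPos=4 dstPos=0: %s\n",
           check_arraycopy(forward_only_copy, 4, 0, 8) ? "ok" : "CORRUPTED");

    /* srcPos < dstPos with overlap: the forward-only copy reads bytes it has
       already overwritten, which is the failure described in this report. */
    printf("forward-only, srcPos=0 dstPos=4: %s\n",
           check_arraycopy(forward_only_copy, 0, 4, 8) ? "ok" : "CORRUPTED");

    /* The overlap-aware copy matches the reference in both directions. */
    printf("overlap-safe, srcPos=0 dstPos=4: %s\n",
           check_arraycopy(overlap_safe_copy, 0, 4, 8) ? "ok" : "CORRUPTED");
    return 0;
}
```

The second case is the one the report describes: once the copy length exceeds NATIVE_THRESHOLD and the work is handed to a memcpy(..)-style routine, a same-array copy with srcPos < dstPos can overwrite source bytes before they are read. A memmove(..)-style routine that picks its direction from the relative position of the two areas is the usual fix.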

Environment

IA32

Assignee

Erik Brangs

Reporter

Erik Brangs

Labels

None

Fix versions

Affects versions

Priority

High